AI Governance and Security Challenges in Enterprise Environments
Enterprises are facing a critical inflection point as artificial intelligence becomes deeply embedded across organizational layers, fundamentally altering cyber risk and security postures. Research from industry leaders and the Cloud Security Alliance highlights that mature governance frameworks are now the primary differentiator for organizations confident in their ability to secure AI systems. As AI agents and machine identities proliferate, traditional identity and access management models are proving inadequate, with identity emerging as the new control plane for managing AI risk. The rapid adoption of AI, often without sufficient oversight, is creating new blind spots, expanding attack surfaces, and introducing risks such as shadow AI, where unsanctioned tools and agents operate outside established security controls. Security teams are increasingly involved in AI adoption, leveraging AI for detection, investigation, and response, but the lack of comprehensive governance and workforce training remains a significant barrier.
The convergence of AI with other technologies, such as blockchain and cryptocurrency, is also driving the emergence of autonomous financial systems and agentic payments, further complicating the security landscape. Success in this new paradigm requires balancing innovation with robust accountability, ensuring that AI-driven systems are auditable and governed rather than left to unconstrained automation. As organizations move from experimentation to operational deployment of AI, the need for continuous, data-aware identity security and formal governance policies is paramount to mitigate risks, ensure compliance, and maintain confidence in AI-enabled operations.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
Security outlook warns identity and AI risks will intensify in 2026
A 2026 enterprise security outlook projected that AI proliferation, shadow AI, autonomous agents, and machine identity sprawl will create major new attack surfaces and governance pressures. It warned that identity will become the primary control plane for managing AI-related cyber risk and regulatory compliance.
Cloud Security Alliance research finds governance drives AI security confidence
Research highlighted by the Cloud Security Alliance found that only about a quarter of organizations have comprehensive AI security governance, and that governance maturity is the main factor separating organizations that feel prepared for AI security from those that do not.
Chainalysis outlines AI-blockchain convergence and agentic payments
Chainalysis described how AI and blockchain are converging to enable autonomous financial systems, with AI handling decision-making and blockchain providing transparent execution and auditability. The company also highlighted its use of AI to improve crypto security, compliance monitoring, and fraud detection.
Visa, PayPal/OpenAI, and Google launch agentic payment initiatives
Industry initiatives including Visa’s Trusted Agent Protocol, PayPal and OpenAI’s Agent Checkout Protocol, and Google’s AP2 standard emerged to support AI systems that can initiate payments within defined policies, signaling broader adoption of agentic payments.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
Five identity-driven shifts reshaping enterprise security in 2026
helpnetsecurity.com
Open sourceGovernance maturity defines enterprise AI confidence
helpnetsecurity.com
Open sourceThe Convergence of AI and Cryptocurrency: From Digital Transactions to Agentic Payments
chainalysis.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Emerging Data Risks and Security Challenges from Enterprise AI Adoption
Enterprises are rapidly integrating artificial intelligence (AI) into their core operations, leading to a significant increase in both the scale and complexity of cybersecurity risks. Autonomous AI agents, once limited to providing suggestions, now act independently within enterprise systems, accessing sensitive data, executing transactions, and triggering downstream workflows without human oversight. These agents, often deployed by individual teams or embedded in third-party software, can inadvertently ingest confidential information, such as customer credit card data, even if the data is only briefly accessible. Unlike human users, AI agents lack contextual understanding and ethical judgment, acting continuously and at scale, which introduces a new category of 'Shadow AI' risk. Multimodal AI systems, which process multiple input streams to generate more human-like outputs, further expand the attack surface. Adversaries can exploit these systems by manipulating data inputs, such as subtly altering images or text, to deceive the AI and bypass security controls. Research has demonstrated that these attacks are not merely theoretical; adversarial manipulations can evade detection and cause significant harm, especially in critical sectors like defense, healthcare, and finance. Organizations are increasingly aware of the dangers posed by AI-augmented threats, including deepfakes and AI-driven social engineering, but many lag in implementing effective technical defenses. Surveys indicate that while a majority of firms have experienced deepfake or AI-voice fraud attempts, more than half have suffered financial losses as a result. Despite this, investment in detection and mitigation technologies remains inadequate, and many companies overestimate their preparedness. The surge in AI adoption is reflected in corporate disclosures, with over 70% of S&P 500 firms now reporting AI as a material risk, up from just 12% two years prior. Reputational and cybersecurity risks are the most frequently cited concerns, followed by legal and regulatory challenges as governments move to establish AI-specific compliance requirements. However, only a minority of corporate boards have formally integrated AI oversight into their governance structures, highlighting a gap between risk awareness and actionable governance. The lack of comprehensive frameworks for managing AI risk leaves organizations vulnerable to both technical and compliance failures. As AI becomes more deeply embedded in business processes, the need for robust governance, continuous education, and responsible-use frameworks becomes increasingly urgent. Security and governance leaders must adapt to this new frontier by developing strategies that address the unique risks posed by autonomous and multimodal AI systems. Failure to do so could result in significant financial, operational, and reputational damage as adversaries continue to exploit the evolving AI landscape.
Mar 21, 2026
Enterprise AI Adoption Outpaces Risk and Identity Governance
Enterprises are rapidly integrating artificial intelligence into their risk management and operational processes, but governance and security controls are struggling to keep pace. According to AuditBoard, more than half of organizations have implemented AI-specific tools, and many are investing in machine learning training for their teams. Despite this widespread adoption, confidence in AI systems remains uneven, with few organizations feeling prepared for the governance requirements that new AI regulations will demand. The pace of AI experimentation surged in May and June 2025, only to decline in July as acceptance rates dropped and decision times increased, highlighting volatility in adoption and a lack of robust governance structures. Many organizations find themselves in a 'middle maturity trap,' where initial enthusiasm for AI and risk frameworks fades without sustained governance and oversight. Boards that prioritize risk oversight as a regular agenda item and align on shared performance goals see more consistent progress, while others experience stagnation and last-minute compliance efforts. Control maturity is closely tied to governance, with rapid adoption of controls in some periods followed by slowdowns and only partial recoveries. As regulatory expectations expand to cover AI, cybersecurity, and environmental reporting, the ability to embed controls into daily operations will be critical for resilience. Simultaneously, the rise of autonomous AI agents with significant system privileges introduces new identity and access management challenges. These agents can execute code, handle sensitive data, and perform complex tasks without human intervention, increasing the risk of automation errors leading to major incidents. The traditional security perimeter has shifted, making identity management the central control point for modern enterprises. The 2025-2026 SailPoint Horizons of Identity Security report reveals that fewer than 40% of AI agents are governed by identity security policies, leaving a substantial gap in enterprise security frameworks. The proliferation of non-human identities and automated systems has dramatically expanded the attack surface, making organizations without comprehensive identity visibility especially vulnerable. Mature identity security practices are now seen as a strategic necessity, not just a compliance checkbox. Organizations are mapping controls to multiple frameworks, but the depth of implementation varies widely, with leading firms embedding thousands of requirements into daily operations. The convergence of rapid AI adoption, evolving risk frameworks, and the need for robust identity governance underscores the urgent need for enterprises to strengthen their risk and security postures. Without clear governance structures and comprehensive identity management, the benefits of AI could be undermined by increased exposure to operational and security risks. Boards and CISOs must ensure that risk oversight, control adoption, and identity security are integrated into the core of enterprise strategy to navigate the evolving threat landscape effectively.
Mar 21, 2026
Enterprise Security Challenges and Risks from AI Adoption
The rapid integration of artificial intelligence into enterprise operations is fundamentally altering the cybersecurity landscape. AI is now embedded in core business workflows, infrastructure, and decision-making processes, expanding the attack surface and introducing new exposure points in data, models, applications, and infrastructure. Security leaders are grappling with governance gaps, especially as agentic AI systems move from pilot to production, and are seeking new standards and controls to manage the risks of autonomous agents and application-to-application access. The need for robust data governance, updated identity and access management, and resilient infrastructure is driving a major IT transformation, with increased spending and a focus on AI-enabled security solutions. Industry experts and CISOs emphasize the importance of adapting security strategies to address the unique challenges posed by AI, including the concentration of sensitive data, the risk of model manipulation, and the complexity of AI-driven environments. Security vendors and analysts highlight the inadequacy of traditional security practices in the face of AI-driven threats, calling for the elimination of outdated controls and the adoption of new standards such as those proposed by Okta for managing OAuth permissions for AI agents. The evolving role of the CISO, the rise of zero trust as a business necessity, and the persistent importance of the human element in defense are recurring themes. Predictions for 2026 underscore the urgency for enterprises to refresh IT infrastructure, strengthen data governance, and prepare for a future where AI agents operate autonomously across interconnected systems, requiring continuous adaptation of security policies and controls to mitigate emerging risks.
Mar 21, 2026